Cisco NX-OS Remote Code Execution Vulnerability

A vulnerability has been identified in Cisco NX-OS. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition.

Note:

The CVE-2024-20399 vulnerability is being exploited in the wild. This vulnerability could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device.

To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials.

Impact

• Remote Code Execution

System / Technologies affected

• MDS 9000 Series Multilayer Switches
• Nexus 3000 Series Switches
• Nexus 5500 Platform Switches
• Nexus 5600 Platform Switches 
• Nexus 6000 Series Switches
• Nexus 7000 Series Switches
• Nexus 9000 Series Switches in standalone NX-OS mode

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP

Vulnerability Identifier

• CVE-2024-20399

Source

• Cisco

Related Link

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP